fileutils Gem for Ruby file_utils.rb Crafted URL Handling Remote Command Execution
Published: February 28, 2013
SECURITY IDENTIFIERS
- CVE: CVE-2013-2516 (NVD)
- GHSA: GHSA-9x97-x2p9-hvpf
- OSVDB: OSVDB-90717
GEM
SEVERITY
CVSS v3.x: 8.8 (High)
PATCHED VERSIONS
>= 0.7.1
DESCRIPTION
The fileutils gem for Ruby contains a flaw in file_utils.rb. The issue is triggered when handling a specially crafted URL that contains a command after a delimiter (;). This may allow a remote attacker to execute arbitrary commands.
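The following added example illustrates the class of flaw described above and its fix; it is not code from the fileutils gem. The method names, the `echo` stand-in for a downloader binary, the sample URL and the allowlist pattern are all assumptions made for the illustration.

```ruby
require "open3"

# Constructed sample input: a URL with a command after the ';' delimiter.
CRAFTED_URL = "http://example.com/a.txt;echo INJECTED"

# Conservative allowlist (an assumption of this example): http(s), a plain
# host, optional port, and a path of unreserved characters, '/' and '%'.
SAFE_URL = %r{\Ahttps?://[A-Za-z0-9.-]+(?::\d+)?(?:/[A-Za-z0-9._~/%-]*)?\z}

# Vulnerable pattern: one interpolated string is handed to /bin/sh, so ';'
# ends the first command and the remainder runs as a second command.
# `echo` stands in for the real downloader binary (hypothetical).
def fetch_via_shell(url)
  out, _status = Open3.capture2("echo fetching #{url}")
  out
end

# Argument-vector form: each element reaches the program as one argument
# and no shell parses it, so ';' stays a literal character.
def fetch_via_argv_unchecked(url)
  out, _status = Open3.capture2("echo", "fetching", url)
  out
end

# Hardened pattern: validate against the allowlist first, then use the
# argument-vector form. Both layers are kept deliberately.
def fetch_via_argv(url)
  raise ArgumentError, "rejected URL: #{url.inspect}" unless SAFE_URL.match?(url)
  fetch_via_argv_unchecked(url)
end

if __FILE__ == $PROGRAM_NAME
  puts "shell form:", fetch_via_shell(CRAFTED_URL)
  puts "argv form:", fetch_via_argv_unchecked(CRAFTED_URL)
  begin
    fetch_via_argv(CRAFTED_URL)
  rescue ArgumentError => e
    puts "hardened form: #{e.message}"
  end
end
```

Note that `;` is a legal character in a URL path, so a generic URL parser will not reject it; the explicit allowlist and the shell-free invocation are what close the hole.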
